SEP-30-2005 20:56    BLACKMON IP SERVICES    703+5363902    P. 05/21



CLAIM LISTING 

Please amend the Claims as follows:

This listing of claims will replace all prior versions, and listings, of claims in the application:

Applicant has made a good faith effort to list each and every prior claim, including any amendments or changes thereto (or status thereof) in this "Listing" section; however, should there be any discrepancy between the previous version of a claim (or status thereof) and the listing not explicitly amended, canceled or otherwise changed by this amendment, only the previous version (and status thereof) should be referred to as the intent of the Applicant.

Listing of the Claims:

1. (Original) A computer-implemented method for creating a cryptographically secure network between at least two access systems, the method comprising a switch system performing the steps of:

associating each of a plurality of access systems with a public key from a private-public key pair associated with said access system;

in response to a request from a first access system to transmit data to a second access system:

authenticating the first access system using the public key associated with the first access system;

forming a first cryptographically secure network connection between the authenticated first access system and the switch system;

accepting data from the authenticated first access system via the first cryptographically secure network connection;

authenticating the second access system using the public key associated with the second access system;

forming a second cryptographically secure network connection between the authenticated second access system and the switch system;

PAGE 5/21 * RCVD AT 9/30/2005 8:51:40 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-6/25 * DNIS:2738300 * CSID:703 5363902 * DURATION (mm-ss):07-58




and transmitting the data to the authenticated second access system via the second cryptographically secure network connection.

2. (Currently Amended) The method of claim 1 wherein the switch system issues an access system the access system's private-public key pair; and

the switch system authenticates the first access system by receiving a document encrypted by the first access system using the private key associated with the first access system and successfully decrypting the document using the public key associated with the first access system.

3. (Original) The method of claim 1 wherein the switch system comprises a plurality of nodes securely networked together.

4. (Original) The method of claim 2 wherein the first and second access systems connect to the switch system via different nodes.

5. (Original) The method of claim 1 further comprising the switch system performing the step of:

using a switch system private key, in conjunction with an access system using a corresponding switch system public key, to authenticate the switch system to the access system.

6. (Original) The method of claim 1 wherein the first and second cryptographically secure connections are each implemented by encrypting the data at a layer selected from the group comprising an application layer, a presentation layer, and a session layer of the Open Systems Interconnection reference model.

09/978,113

7. (Original) The method of claim 6 wherein the first and second cryptographically secure network connections are each formed using at least one encryption key from a group comprising a symmetric key, an asymmetric key, and a symmetric session key encrypted with an asymmetric key.

8. (Original) The method of claim 1 wherein the data is encrypted with at least one encryption key for which the switch system does not have access to the encryption key's corresponding decryption key.

9. (Original) The method of claim 1 wherein the data comprises at least one from the group comprising:
a digest of at least a portion of the data;
and a digital signature of the first access system.

10. (Original) The method of claim 1 further comprising the switch system performing the step of storing at least one of the group comprising the data, a digest of at least a portion of the data, and a digital signature.

11. (Original) The method of claim 10 further comprising the switch system performing the step of time-stamping at least one of the group comprising the data, a digest of at least a portion of the data, and a digital signature of the first access system.

12. (Original) The method of claim 1 wherein the switch system interfaces with an application which utilizes the data exchanged between the first and second access systems.

13. (Original) The method of claim 1 wherein at least one of the first and second access systems connects to the switch system via an application proxy.

14. (Original) The method of claim 13 wherein the application proxy processes data initiated from an access system and data intended for the access system based upon predefined policies.

15. (Original) The method of claim 14 wherein the policies for the application proxy are set by the access system.

16. (Original) A switch system for establishing a secure network connection between at least two access systems, the switch system comprising:

at least one node comprising:

a key module for associating each access system with a public key from a private-public key pair associated with said access system;

an authentication module, coupled to the key manager module, for using an access system's public key, in conjunction with the access system using its private key, to authenticate the access system;

and a secure network module, coupled to the authentication module, for establishing a cryptographically secure network connection between the switch system and an authenticated access system, whereby data is received from a first access system via a first secure connection and transmitted to a second access system via a second secure connection.
17. (Original) The system of claim 16 wherein the key module is further adapted to perform the step of:

issuing a private-public key pair to an access system.

18. (Original) The system of claim 16 wherein the authentication module is further adapted to perform the step of:

using a switch system private key, in conjunction with an access system using a corresponding switch system public key, to authenticate the switch system to the access system.

19. (Original) The system of claim 16 wherein the cryptographically secure network connection is implemented by encrypting the data at a layer selected from the group comprising an application layer, a presentation layer, and a session layer of the Open Systems Interconnection reference model.

20. (Original) The system of claim 19 wherein the cryptographically secure network connections are formed using at least one encryption key from the group comprising a symmetric key, an asymmetric key, and a symmetric session key encrypted with an asymmetric key.

21. (Original) The system of claim 16 wherein the data is encrypted with at least one encryption key for which the switch system does not have access to the encryption key's corresponding decryption key.

22. (Original) The system of claim 16 wherein the node further comprises:

a computer-readable medium for storing at least one of the group comprising the data, a digest of at least a portion of the data, and a digital signature of an access system.

23-38. (Cancelled)

39. (New) In a computer-readable medium, a computer program product for creating a cryptographically secure network between at least two access systems, the computer-readable medium comprising program code adapted to perform the steps of:

associating each of a plurality of access systems with a public key from a private-public key pair associated with said access system;

in response to a request from a first access system to transmit data to a second access system:

authenticating the first access system using the public key associated with the first access system;

forming a first cryptographically secure network connection between the authenticated first access system and the switch system;

accepting data from the authenticated first access system via the first cryptographically secure network connection;

authenticating the second access system using the public key associated with the second access system;

forming a second cryptographically secure network connection between the authenticated second access system and the switch system;

and transmitting the data to the authenticated second access system via the second cryptographically secure network connection.

40. (New) The computer readable medium of claim 39 wherein the switch system issues to an access system the access system's private-public key pair.

41. (New) The computer readable medium of claim 39 wherein the switch system comprises a plurality of nodes securely networked together.

42. (New) The computer readable medium of claim 41 wherein the first and second access systems connect to the switch system via different nodes.

43. (New) The computer readable medium of claim 39 further comprising program code adapted to perform the step of:

using a switch system private key, in conjunction with an access system using a corresponding switch system public key, to authenticate the switch system to the access system.

44. (New) The computer readable medium of claim 39 wherein the first and second cryptographically secure connections are each implemented by encrypting the data at a layer selected from the group comprising an application layer, a presentation layer, and a session layer of the Open Systems Interconnection reference model.

45. (New) The computer readable medium of claim 44 wherein the




first and second cryptographically secure network connections are each formed using at least one encryption key from the group comprising a symmetric key, an asymmetric key, and a symmetric session key encrypted with an asymmetric key.

46. (New) The computer readable medium of claim 39 wherein the data is encrypted with at least one encryption key for which the switch system does not have access to the encryption key's corresponding decryption key.

47. (New) The computer readable medium of claim 39 wherein the data further comprises at least one from the group comprising:
a digest of at least a portion of the data;
and a digital signature of the first access system.

48. (New) The computer readable medium of claim 39 further comprising program code adapted to perform the step of:

storing at least one of the group comprising the data, a digest of at least a portion of the data, and a digital signature.

49. (New) The computer readable medium of claim 48 further comprising program code adapted to perform the step of:

time-stamping at least one of the group comprising the data, a digest of at least a portion of the data, and a digital signature of the first access system.

50. (New) The computer readable medium of claim 39 wherein the switch system interfaces with an application which utilizes the data exchanged between the first and second access systems.

51. (New) The computer readable medium of claim 39 wherein at least one of the first and second access systems connects to the switch system via an application proxy.

52. (New) The computer readable medium of claim 51 wherein the application proxy processes data initiated from an access system and data intended for the access system based upon predefined policies.

53. (New) The computer readable medium of claim 52 wherein the policies for the application proxy are set by the access system.

54. (New) A computer-implemented method for creating a cryptographically secure network between at least two access systems, the method comprising a switch system performing the steps of:

a plurality of access systems, each having a public key from a private-public key pair associated with said access system;

in response to a request from a first access system to transmit data to a second access system:

authenticating the first access system by decrypting a message encrypted by the first access system using one key of a private-public key pair;

forming a first cryptographically secure network connection between the authenticated first access system and the switch system, wherein communications are encrypted by one key of a private-public key pair;

accepting data from the authenticated first access system via the first cryptographically secure network connection, where said data is encrypted by one key of a private-public key pair;

authenticating the second access system by decrypting a message encrypted by the second access system using one key of a private-public key pair;

forming a second cryptographically secure network connection between the authenticated second access system and the switch system;

and transmitting the data to the authenticated second access system via the second cryptographically secure network connection, where said data is encrypted by one key of a private-public key pair.

55. (New) The method of claim 54 wherein the switch system issues an access system the access system's private-public key pair.

56. (New) The method of claim 54 wherein the switch system comprises a plurality of nodes securely networked together.

57. (New) The method of claim 56 wherein the first and second access systems connect to the switch system via different nodes.

58. (New) The method of claim 54 further comprising the switch system performing the step of:

using a switch system private key, in conjunction with an access system using a corresponding switch system public key, to authenticate the switch system to the access system.

60. (New) The method of claim 58 wherein the first and second cryptographically secure network connections are each formed using at least one encryption key from a group comprising a symmetric key, an asymmetric key, and a symmetric session key encrypted with an asymmetric key.

61. (New) The method of claim 54 wherein the data is encrypted with at least one encryption key for which the switch system does not have access to the encryption key's corresponding decryption key.

62. (New) The method of claim 54 wherein the switch authenticates the first access system by decrypting a message encrypted by the first access system using the first access system's private-public key pair.

63. (New) The method of claim 54 wherein the switch authenticates the second access system by decrypting a message encrypted by the second access system using the second access system's private-public key pair.

64. (New) The method of claim 54 wherein the switch forms a first cryptographically secure network connection between the authenticated first access system and the switch system, wherein communications are encrypted by the first access system private-public key pair.

65. (New) The method of claim 55 wherein during transmission the data to the authenticated second access system via the second cryptographically secure network connection is encrypted by said second access system public key pair.

66. (New) The method of claim 54 wherein during transmission the data to the authenticated second access system via the second cryptographically secure network connection is encrypted by said second access system public key pair.

67. (New) The method of claim 65 wherein said plurality of access systems, each has a unique private-public key pair associated with said access system.

68. (New) The method of claim 54 wherein the switch forms a first cryptographically secure network connection between the authenticated first access system and the switch system, wherein communications are encrypted by the switch system private-public key pair.
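The switch-mediated exchange of claims 1, 2 and 8 through 11, modelled in Go as an added example that is not part of the application or its specification. It assumes the claim 2 authentication (a document encrypted with the access system's private key and decrypted with its public key) is realised as an Ed25519 signature over a switch-chosen challenge, and the names Switch, Relay, Record and Signer are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"time"
)

// Signer is all the switch asks of an access system: sign bytes with a private key the switch never sees.
type Signer func(msg []byte) []byte

// Record is what claims 10 and 11 have the switch keep: digest, sender signature and time-stamp.
type Record struct {
	From, To  string
	Digest    [32]byte
	Signature []byte
	Stamped   time.Time
}

// Switch knows each access system only by the public key registered for it (claim 1, first step).
type Switch struct {
	Keys  map[string]ed25519.PublicKey
	Store []Record
}

// authenticate is claim 2 in modern terms: the access system signs a fresh switch-chosen challenge
// and the switch verifies it with the registered public key; the random challenge defeats replay.
func (s *Switch) authenticate(name string, sign Signer) error {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	if pub, ok := s.Keys[name]; !ok || !ed25519.Verify(pub, challenge, sign(challenge)) {
		return errors.New("authentication failed for " + name)
	}
	return nil
}

// Relay follows claim 1: authenticate sender, accept data it signed (claim 9), authenticate receiver,
// record digest/signature/time-stamp (claims 10, 11), deliver. Opaque ciphertext passes untouched (claim 8).
func (s *Switch) Relay(from, to string, signFrom, signTo Signer, data, sig []byte) ([]byte, error) {
	if err := s.authenticate(from, signFrom); err != nil {
		return nil, err
	}
	if !ed25519.Verify(s.Keys[from], data, sig) {
		return nil, errors.New("data signature does not match " + from)
	}
	if err := s.authenticate(to, signTo); err != nil {
		return nil, err
	}
	s.Store = append(s.Store, Record{from, to, sha256.Sum256(data), sig, time.Now()})
	return data, nil
}
```

Because the switch only ever verifies signatures and stores a digest, a payload the sender encrypted end-to-end for the receiver is relayed without the switch holding any key that could decrypt it, which is the property claim 8 describes.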